On 19/10/06, Stuart Gall <[EMAIL PROTECTED]> wrote: > > |http://mail.oldartero.com:8888/cgi-bin/put > > WARNING!! > This is not just a URL as nigel points out > Look it is a pipe and a URL to a cgi script. This is clearly an > attempt to break something and gain some sort of unauthorised access. > > I am not saying that exim is vulnerable to this kind of attack, but > it looks like an attack so I would strongly discourage from letting > it any further in to your system. AND I would recommend that you > block that IP at connect or even better on the firewall.
It's a probe for an open proxy. If that URL gets a hit, it means that the injection of the URL succeeeded somewhere - the source IP of the hit is logged for later exploitation. Block on sight. Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
